Diffstat (limited to 'src/lib/libcrypto/pkcs7/pk7_lib.c')
-rw-r--r--src/lib/libcrypto/pkcs7/pk7_lib.c54
1 files changed, 37 insertions, 17 deletions
diff --git a/src/lib/libcrypto/pkcs7/pk7_lib.c b/src/lib/libcrypto/pkcs7/pk7_lib.c
index 8b863d0558..45973fe850 100644
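--- a/src/lib/libcrypto/pkcs7/pk7_lib.c
+++ b/src/lib/libcrypto/pkcs7/pk7_lib.c
@@ -123,7 +123,7 @@ int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data)
 {
 case NID_pkcs7_signed:
 if (p7->d.sign->contents != NULL)
-PKCS7_content_free(p7->d.sign->contents);
+PKCS7_free(p7->d.sign->contents);
 p7->d.sign->contents=p7_data;
 break;
 case NID_pkcs7_digest:
@@ -157,7 +157,7 @@ int PKCS7_set_type(PKCS7 *p7, int type)
 break;
 case NID_pkcs7_data:
 p7->type=obj;
-if ((p7->d.data=ASN1_OCTET_STRING_new()) == NULL)
+if ((p7->d.data=M_ASN1_OCTET_STRING_new()) == NULL)
 goto err;
 break;
 case NID_pkcs7_signedAndEnveloped:
@@ -165,9 +165,6 @@ int PKCS7_set_type(PKCS7 *p7, int type)
 if ((p7->d.signed_and_enveloped=PKCS7_SIGN_ENVELOPE_new())
 == NULL) goto err;
 ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1);
-/* p7->d.signed_and_enveloped->enc_data->content_type=
-OBJ_nid2obj(NID_pkcs7_encrypted);*/
-
 break;
 case NID_pkcs7_enveloped:
 p7->type=obj;
@@ -175,8 +172,14 @@ int PKCS7_set_type(PKCS7 *p7, int type)
 == NULL) goto err;
 ASN1_INTEGER_set(p7->d.enveloped->version,0);
 break;
-case NID_pkcs7_digest:
 case NID_pkcs7_encrypted:
+p7->type=obj;
+if ((p7->d.encrypted=PKCS7_ENCRYPT_new())
+== NULL) goto err;
+ASN1_INTEGER_set(p7->d.encrypted->version,0);
+break;
+
+case NID_pkcs7_digest:
 default:
 PKCS7err(PKCS7_F_PKCS7_SET_TYPE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
 goto err;
@@ -224,8 +227,13 @@ int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi)
 }
 if (!j) /* we need to add another algorithm */
 {
-alg=X509_ALGOR_new();
+if(!(alg=X509_ALGOR_new())
+|| !(alg->parameter = ASN1_TYPE_new())) {
+PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,ERR_R_MALLOC_FAILURE);
+return(0);
+}
 alg->algorithm=OBJ_nid2obj(nid);
+alg->parameter->type = V_ASN1_NULL;
 sk_X509_ALGOR_push(md_sk,alg);
 }
 
@@ -289,6 +297,9 @@ int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl)
 int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
 EVP_MD *dgst)
 {
+char is_dsa;
+if (pkey->type == EVP_PKEY_DSA) is_dsa = 1;
+else is_dsa = 0;
 /* We now need to add another PKCS7_SIGNER_INFO entry */
 ASN1_INTEGER_set(p7i->version,1);
 X509_NAME_set(&p7i->issuer_and_serial->issuer,
@@ -296,17 +307,16 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
 
 /* because ASN1_INTEGER_set is used to set a 'long' we will do
 * things the ugly way. */
-ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
+M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
 p7i->issuer_and_serial->serial=
-ASN1_INTEGER_dup(X509_get_serialNumber(x509));
+M_ASN1_INTEGER_dup(X509_get_serialNumber(x509));
 
 /* lets keep the pkey around for a while */
 CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
 p7i->pkey=pkey;
 
 /* Set the algorithms */
-if (pkey->type == EVP_PKEY_DSA)
-p7i->digest_alg->algorithm=OBJ_nid2obj(NID_sha1);
+if (is_dsa) p7i->digest_alg->algorithm=OBJ_nid2obj(NID_sha1);
 else
 p7i->digest_alg->algorithm=OBJ_nid2obj(EVP_MD_type(dgst));
 
@@ -320,9 +330,12 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
 
 if (p7i->digest_enc_alg->parameter != NULL)
 ASN1_TYPE_free(p7i->digest_enc_alg->parameter);
-if ((p7i->digest_enc_alg->parameter=ASN1_TYPE_new()) == NULL)
-goto err;
-p7i->digest_enc_alg->parameter->type=V_ASN1_NULL;
+if(is_dsa) p7i->digest_enc_alg->parameter = NULL;
+else {
+if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new()))
+goto err;
+p7i->digest_enc_alg->parameter->type=V_ASN1_NULL;
+}
 
 return(1);
 err:
@@ -397,9 +410,9 @@ int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
 X509_NAME_set(&p7i->issuer_and_serial->issuer,
 X509_get_issuer_name(x509));
 
-ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
+M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
 p7i->issuer_and_serial->serial=
-ASN1_INTEGER_dup(X509_get_serialNumber(x509));
+M_ASN1_INTEGER_dup(X509_get_serialNumber(x509));
 
 X509_ALGOR_free(p7i->key_enc_algor);
 p7i->key_enc_algor=(X509_ALGOR *)ASN1_dup(i2d_X509_ALGOR,
@@ -425,6 +438,7 @@ X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si)
 int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher)
 {
 int i;
+ASN1_OBJECT *objtmp;
 PKCS7_ENC_CONTENT *ec;
 
 i=OBJ_obj2nid(p7->type);
@@ -441,7 +455,13 @@ int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher)
 return(0);
 }
 
-/* Setup cipher OID */
+/* Check cipher OID exists and has data in it*/
+i = EVP_CIPHER_type(cipher);
+if(i == NID_undef) {
+PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
+return(0);
+}
+objtmp = OBJ_nid2obj(i);
 
 ec->cipher = cipher;
 return 1;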
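Review bot: In the PKCS7_add_signer hunk (new lines 230-234), the combined allocation check leaks `alg` when `X509_ALGOR_new()` succeeds but `ASN1_TYPE_new()` fails, because the error branch returns 0 without releasing the X509_ALGOR it just obtained. Calling `X509_ALGOR_free(alg);` ahead of the `PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,ERR_R_MALLOC_FAILURE);` line would cover both failure cases, provided X509_ALGOR_free accepts NULL as this library's free routines normally do. The return value of `sk_X509_ALGOR_push(md_sk,alg)` in the same hunk is not checked either, so a failed push would also leave `alg` without an owner. The function begins and ends outside the hunk, so whether a caller compensates cannot be seen from here.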